Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow bumping GH actions to rolling releases #2304

Closed
evgeni opened this issue Jul 9, 2020 · 2 comments · Fixed by #5891
Closed

Allow bumping GH actions to rolling releases #2304

evgeni opened this issue Jul 9, 2020 · 2 comments · Fixed by #5891
Labels
core 🍏 Relates to the dependabot-core library itself L: github:actions GitHub Actions T: feature-request Requests for new features

Comments

@evgeni
Copy link

evgeni commented Jul 9, 2020

Currently dependabot will bump GitHub actions to whatever the latest vX.Y.Z tag is. However, actions also usually have a vX tag that points to the latest X.Y.Z (and gets updated). I'd like to be able to select the bumping behavior and prefer vX tags.

Example PR that was opened with full version and then manually changed to v2: theforeman/releasetool#19
@evgeni
Copy link
Author

evgeni commented Jul 9, 2020

cc @ekohl

@nihalgonsalves nihalgonsalves mentioned this issue Nov 4, 2020
Closed
@felipecrs felipecrs mentioned this issue Jan 16, 2021
Closed
This was referenced Feb 7, 2021
Closed
Closed
Closed
Closed
This was referenced Feb 8, 2021
Closed
Closed
This was referenced Feb 8, 2021
Closed
Closed
This was referenced Feb 16, 2021
Closed
Closed
This was referenced May 25, 2021
Closed
Closed
Closed
Closed
@dopplershift dopplershift mentioned this issue Nov 24, 2021
Merged
@jurre jurre added L: github:actions GitHub Actions T: feature-request Requests for new features core 🍏 Relates to the dependabot-core library itself labels Dec 1, 2021
@nickserv
Copy link

nickserv commented Jun 22, 2022
edited
Loading

I've noticed this is also an issue when the same major version tag has an update. For example, v2 should not be bumped to v2.0.1.

I think we should respect the existing tag precision to stay consistent with #4953. GitHub Actions docs tend to use major version tags anyway, so this should still simplify Dependabot usage for those users.

This was referenced Jun 22, 2022
Merged
Merged
Merged
@DarkWanderer DarkWanderer mentioned this issue Oct 16, 2022
Closed
1 task
@deivid-rodriguez deivid-rodriguez mentioned this issue Oct 16, 2022
Merged
@evgeni evgeni mentioned this issue Oct 27, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core 🍏 Relates to the dependabot-core library itself L: github:actions GitHub Actions T: feature-request Requests for new features
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Never change version precision of actions chosen by users dependabot/dependabot-core
3 participants
@evgeni @jurre @nickserv